Please fill out the fields below so we can help you better. Note: you must provide your domain name to get help. Domain names for issued certificates are all made public in Certificate Transparency logs (e.g. crt.sh | example.com), so withholding your domain name here does not increase secrecy, but only makes it harder for us to provide help.
It's signed by Let's Encrypt, which indeed is a CA. And you can download it from the site I linked, but you'd also need the private key, which, for obvious reasons, can't be downloaded from public sources.
Someone in your organisation would (or should) have access to the certificate and private key though.
A Let's Encrypt certificate is already securing https://tour.planitrite.com/, yes. Issued today to be exact. About 3 hours ago to be exactly exact.
What do you think you're getting when your CSR gets signed by Let's Encrypt, which is a CA? Right, exactly the same.
Note that Let's Encrypt doesn't incorporate things like "Email Address" or "Company" from the CSR into the certificate. This is due to the fact Let's Encrypt only offers (free) DV (Domain Validated) certificates, not OV (Organisation Verified) certificates.
By the way, that guide is also flawed on some level. It says:
After you create a CA-signed certificate, it's valid for 3 years.
But it also let's you choose the CA.. What if the CA only offers 90 days (or 180 or 365 days) certificates? Are they also valid for 3 years? No, of course not.. Then why would they claim such a thing?
Anyway, I agree with @danb35 here.. Sure, a guide tells you to do something. But are you actually required to follow the guide? What ultimate purpose does the guide have, what isn't already in effect?
Why do you think you have to do that? I know, the guide says you do--but what are you wanting to accomplish that isn't done already? You already have a cert. It's already in use by your web server. For what other purpose do you think you need a cert?
...and, in fact, no trusted CA currently offers 3-year certs. But even if one or more did, that'd still be a foolish statement for the guide to make, because it's never been the case that all CA-signed certificates are valid for 3 years.